Peter Pearson wrote:
> Pat Farrell wrote:[color=green]
>> Based on MD5 in what way? Not in any technical aspect, other
>> than both were designed to be cryptographically strong hashes.
>
> The nature of the mushing, however, is very similar:
> a dataflow diagram of MD5 looks very much like a dataflow
> diagram of SHA.

Sure, they are both basically Feistel ciphers.

Lots of ciphers are Feistel ciphers, a dataflow diagram
doesn't show much. Take clear text, smush it some, end up
with weird garbage looking stuff.

IDEA, AES, DES, lets look like that.

> Since SHA-1 appeared to be a very robust design, but has
> recently been found to be weak, the crypto community is
> perplexed by the realization that we don't know much about
> designing hash functions.

Found to have a flaw is not the same as "weak"
Which do you mean?

At some level, all crypto is voodoo.

--
Pat

09-30-2007, 10:11 PM

unix

Re: md5 collision

Ralf Fassel <ralfixx@gmx.de> said:
>* Unruh <unruh-spam@physics.ubc.ca>
>| b)One cannot create collisions. One can generate two files which
>| have the same md5 hash. One cannot create a second file with the
>| same md5 hash as a given file.
....
>| One cannot create a second file with the same md5 hash as a given
>| file.
>
>I just did? Or do you (obviously?) mean 'a second file with different
>contents than the first one'?

Yep. So, it has been found out that it is relatively easy (or at least
much easier than it should have been) to create two distinct files with
the same MD5 checksum. But only if you create the second file somehow
based on the first one.

Peter Pearson wrote:
> matt_left_coast wrote:
>
>> Unruh wrote:
>>
>>>>When dealing with the first case, you create the first of the two files,
>>>>then the file IS known. Then you would be dealing with the second case.
>>>
>>> But you have to create them together. You cannot create one and then
>>> make another which has the same md5.
>>
>> Exact process, please.
>
> The logic here escapes me. Unruh appears to be claiming that
> you cannot do something ("cannot create one and then make
> another which has the same md5"), and matt_left_coast appears
> to be asserting that Unruh should support that claim by
> detailing how to do something. You cannot show that something
> is impossible by showing how to do something. If
> matt_left_coast wishes to claim that one can find a preimage
> to a given hash, it's up to him to specify how.
>
> A recent paper on md5 attacks is "Improved Collision Attack on MD5"
> by Yu Sasaki, Yusuke Naito, Noboru Kunihiro, and Kazuo Ohta,
> available at http://eprint.iacr.org/2005/400.pdf. The procedure
> is outlined in section 3.4. While the details are not essential
> to this discussion, the alert reader will note that the attack
> does *not* produce a preimage for a given hash, but rather produces
> a pair of messages whose hashes match. Unruh is quite right.
>

Are the two files useful for ANYTHING? What are you going to do, put up one
of the files for download and swap it for the other? Yeah, you can generate
virtually random files that have the same MD5 value but what is the use? It
is a meaningless exercise in mental masturbation. Other than to prove it
can be done, what use is it? Can you come up with a truly useful "attack"
that could be based on this?

Quite frankly, people worried about the MD5 thing are nuts, the likelihood
that 2 legitimate files exist in any place where it could be an issue is so
ridiculously remote and other issues so much more important that it is
probably not worth the effort devoted to this discussion.

--

09-30-2007, 10:11 PM

unix

Re: md5 collision

matt_left_coast wrote:
> Jan Pompe wrote:
>
>
>>matt_left_coast wrote:
>>
>>>Jan Pompe wrote:
>>>
>>>
>>>
>>>>matt_left_coast wrote:
>>>>
>>>>
>>>>>Unruh wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>matt_left_coast <not@chance.org> writes:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Unruh wrote:
>>>>>>
>>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>>second case.
>>>>>>>>
>>>>>>>>But you have to create them together. You cannot create one and then
>>>>>>>>make another which has the same md5.
>>>>>>
>>>>>>>Exact process, please.
>>>>>>
>>>>>>Go read the papers.
>>>>>
>>>>>
>>>>>Well, I'll take that as proof you are just bull ****ting, as I thought.
>>>>>
>>>>
>>>>Is it proof of the same thing when you do it?
>>>>
>>>>You seem to do it a lot
>>>
>>>
>>>Where?
>>>
>>
>>Do you have a problem with recall?
>>
>>here, wish list overcoming NIS
>
>
> Eh? Where in this thread did I say anything like "Go read the papers."? No
> where.
>
>
>>here there everywhere
>
>
> I see you have made an accusation you can not back up. If you have any thing
> REAL to back up your personal attacks, please provide examples.
>
You have them go read the threads named.

09-30-2007, 10:11 PM

unix

Re: md5 collision

In comp.os.linux.security matt_left_coast <not@chance.org>:
> Unruh wrote:

>> matt_left_coast <not@chance.org> writes:
>>
>>>Unruh wrote:
>>
>>>>>When dealing with the first case, you create the first of the two files,
>>>>>then the file IS known. Then you would be dealing with the second case.
>>>>
>>>> But you have to create them together. You cannot create one and then
>>>> make another which has the same md5.
>>
>>>Exact process, please.
>>
>> Go read the papers.

> Well, I'll take that as proof you are just bull ****ting, as I thought.

Please calm down.

This should give a little more insight:

http://www.cits.rub.de/MD5Collisions/

There is heavy math involved, so you can be sure Bill is almost
always right.

matt_left_coast wrote:
> Quite frankly, people worried about the MD5 thing are nuts, the likelihood
> that 2 legitimate files exist in any place where it could be an issue is
> so ridiculously remote and other issues so much more important that it is
> probably not worth the effort devoted to this discussion.

Generally correct. But it costs nothing to use a better hash.
So we need to tell people to just stop using MD5 and use whatever
SHA* that your threat model requires.

--
Pat

09-30-2007, 10:11 PM

unix

Re: md5 collision

Pat Farrell wrote:
> matt_left_coast wrote:
>> Quite frankly, people worried about the MD5 thing are nuts, the
>> likelihood that 2 legitimate files exist in any place where it could be
>> an issue is so ridiculously remote and other issues so much more
>> important that it is probably not worth the effort devoted to this
>> discussion.
>
> Generally correct. But it costs nothing to use a better hash.
> So we need to tell people to just stop using MD5 and use whatever
> SHA* that your threat model requires.
>

Oh? So, a company that makes heavy use of MD5 can cut over with no cost?
BS.
--

09-30-2007, 10:11 PM

unix

Re: md5 collision

Michael Heiming wrote:
> In comp.os.linux.security matt_left_coast <not@chance.org>:
>> Unruh wrote:
>
>>> matt_left_coast <not@chance.org> writes:
>>>
>>>>Unruh wrote:
>>>
>>>>>>When dealing with the first case, you create the first of the two
>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>second case.
>>>>>
>>>>> But you have to create them together. You cannot create one and then
>>>>> make another which has the same md5.
>>>
>>>>Exact process, please.
>>>
>>> Go read the papers.
>
>> Well, I'll take that as proof you are just bull ****ting, as I thought.
>
> Please calm down.
>
> This should give a little more insight:
>
> http://www.cits.rub.de/MD5Collisions/
>
> There is heavy math involved, so you can be sure Bill is almost
> always right.
>

If you read it carefully, it also does not say it is IMPOSSIBLE to create a
second file. Given enough time and computer power, it could well be done.
The point is, does it make any difference to create a file in that method?
Can they be used for ANYTHING? Likewise, is it worth the effort to make a
second file that has the same checksum value. Also, the fact that you can,
with a great deal of effort create 2 files that have the same MD5 value,
there is nothing that shows that every file can have a second file with the
same checksum. Indeed, I see nothing that shows that ANY pre-existing file
can have a checksum that can be shared with another file. In short it may
be that only a very few of all the files in the world can even HAVE a
second file with the same checksum much less have it be an issue.

The evidence I have seen does not show that this is a serious issue at all.

--

09-30-2007, 10:11 PM

unix

Re: md5 collision

Jan Pompe wrote:
> matt_left_coast wrote:
>> Jan Pompe wrote:
>>
>>
>>>matt_left_coast wrote:
>>>
>>>>Jan Pompe wrote:
>>>>
>>>>
>>>>
>>>>>matt_left_coast wrote:
>>>>>
>>>>>
>>>>>>Unruh wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>matt_left_coast <not@chance.org> writes:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>Unruh wrote:
>>>>>>>
>>>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>>>second case.
>>>>>>>>>
>>>>>>>>>But you have to create them together. You cannot create one and
>>>>>>>>>then make another which has the same md5.
>>>>>>>
>>>>>>>>Exact process, please.
>>>>>>>
>>>>>>>Go read the papers.
>>>>>>
>>>>>>
>>>>>>Well, I'll take that as proof you are just bull ****ting, as I
>>>>>>thought.
>>>>>>
>>>>>
>>>>>Is it proof of the same thing when you do it?
>>>>>
>>>>>You seem to do it a lot
>>>>
>>>>
>>>>Where?
>>>>
>>>
>>>Do you have a problem with recall?
>>>
>>>here, wish list overcoming NIS
>>
>>
>> Eh? Where in this thread did I say anything like "Go read the papers."?
>> No where.
>>
>>
>>>here there everywhere
>>
>>
>> I see you have made an accusation you can not back up. If you have any
>> thing REAL to back up your personal attacks, please provide examples.
>>
> You have them go read the threads named.

I asked for EXAMPLES but you have not provided anything verifiable, you are
full of ****. Provide message ID of where I do what you claim.
--

09-30-2007, 10:12 PM

unix

Re: md5 collision

Jan Pompe wrote:
> matt_left_coast wrote:
>> Jan Pompe wrote:
>>
>>
>>>matt_left_coast wrote:
>>>
>>>>Jan Pompe wrote:
>>>>
>>>>
>>>>
>>>>>matt_left_coast wrote:
>>>>>
>>>>>
>>>>>>Unruh wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>matt_left_coast <not@chance.org> writes:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>Unruh wrote:
>>>>>>>
>>>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>>>second case.
>>>>>>>>>
>>>>>>>>>But you have to create them together. You cannot create one and
>>>>>>>>>then make another which has the same md5.
>>>>>>>
>>>>>>>>Exact process, please.
>>>>>>>
>>>>>>>Go read the papers.
>>>>>>
>>>>>>
>>>>>>Well, I'll take that as proof you are just bull ****ting, as I
>>>>>>thought.
>>>>>>
>>>>>
>>>>>Is it proof of the same thing when you do it?
>>>>>
>>>>>You seem to do it a lot
>>>>
>>>>
>>>>Where?
>>>>
>>>
>>>Do you have a problem with recall?
>>>
>>>here, wish list overcoming NIS
>>
>>
>> Eh? Where in this thread did I say anything like "Go read the papers."?
>> No where.
>>
>>
>>>here there everywhere
>>
>>
>> I see you have made an accusation you can not back up. If you have any
>> thing REAL to back up your personal attacks, please provide examples.
>>
> You have them go read the threads named.

Within the thread I refer back to a statement MADE IN THAT THREAD. I refer
to the ORIGINAL POST OF THE THREAD. I have NEVER said "Go read the papers."
where there is NO link to the "papers" within the thread. There is a big
difference between referring back to something said in a conversation and
referring to something that has not been mentioned and in such a generic
way as " Go read the papers." Too bad you are too stupid to understand
that.

--

09-30-2007, 10:12 PM

unix

Re: md5 collision

matt_left_coast wrote:
> Jan Pompe wrote:
>
>
>>matt_left_coast wrote:
>>
>>>Jan Pompe wrote:
>>>
>>>
>>>
>>>>matt_left_coast wrote:
>>>>
>>>>
>>>>>Jan Pompe wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>matt_left_coast wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Unruh wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>matt_left_coast <not@chance.org> writes:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>Unruh wrote:
>>>>>>>>
>>>>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>>>>second case.
>>>>>>>>>>
>>>>>>>>>>But you have to create them together. You cannot create one and
>>>>>>>>>>then make another which has the same md5.
>>>>>>>>
>>>>>>>>>Exact process, please.
>>>>>>>>
>>>>>>>>Go read the papers.
>>>>>>>
>>>>>>>
>>>>>>>Well, I'll take that as proof you are just bull ****ting, as I
>>>>>>>thought.
>>>>>>>
>>>>>>
>>>>>>Is it proof of the same thing when you do it?
>>>>>>
>>>>>>You seem to do it a lot
>>>>>
>>>>>
>>>>>Where?
>>>>>
>>>>
>>>>Do you have a problem with recall?
>>>>
>>>>here, wish list overcoming NIS
>>>
>>>
>>>Eh? Where in this thread did I say anything like "Go read the papers."?
>>>No where.
>>>
>>>
>>>
>>>>here there everywhere
>>>
>>>
>>>I see you have made an accusation you can not back up. If you have any
>>>thing REAL to back up your personal attacks, please provide examples.
>>>
>>
>>You have them go read the threads named.
>
>
> I asked for EXAMPLES but you have not provided anything verifiable, you are
> full of ****. Provide message ID of where I do what you claim.

You can verify it by checking your posts in the threads I named.

Don't be lazy.

09-30-2007, 10:12 PM

unix

Re: md5 collision

matt_left_coast wrote:
> Jan Pompe wrote:
>
>
>>matt_left_coast wrote:
>>
>>>Jan Pompe wrote:
>>>
>>>
>>>
>>>>matt_left_coast wrote:
>>>>
>>>>
>>>>>Jan Pompe wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>matt_left_coast wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Unruh wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>matt_left_coast <not@chance.org> writes:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>Unruh wrote:
>>>>>>>>
>>>>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>>>>second case.
>>>>>>>>>>
>>>>>>>>>>But you have to create them together. You cannot create one and
>>>>>>>>>>then make another which has the same md5.
>>>>>>>>
>>>>>>>>>Exact process, please.
>>>>>>>>
>>>>>>>>Go read the papers.
>>>>>>>
>>>>>>>
>>>>>>>Well, I'll take that as proof you are just bull ****ting, as I
>>>>>>>thought.
>>>>>>>
>>>>>>
>>>>>>Is it proof of the same thing when you do it?
>>>>>>
>>>>>>You seem to do it a lot
>>>>>
>>>>>
>>>>>Where?
>>>>>
>>>>
>>>>Do you have a problem with recall?
>>>>
>>>>here, wish list overcoming NIS
>>>
>>>
>>>Eh? Where in this thread did I say anything like "Go read the papers."?
>>>No where.
>>>
>>>
>>>
>>>>here there everywhere
>>>
>>>
>>>I see you have made an accusation you can not back up. If you have any
>>>thing REAL to back up your personal attacks, please provide examples.
>>>
>>
>>You have them go read the threads named.
>
>
> Within the thread I refer back to a statement MADE IN THAT THREAD. I refer
> to the ORIGINAL POST OF THE THREAD. I have NEVER said "Go read the papers."
> where there is NO link to the "papers" within the thread. There is a big
> difference between referring back to something said in a conversation and
> referring to something that has not been mentioned and in such a generic
> way as " Go read the papers." Too bad you are too stupid to understand
> that.
>
It seems you are just too stupid to realize it amounts to the same type
of rudeness that you have committed and are complaining about in others.

In short you are the pot calling the kettle black.

09-30-2007, 10:12 PM

unix

Re: md5 collision

Jan Pompe wrote:
> It seems you are just too stupid to realize it amounts to the same type
> of rudeness that you have committed and are complaining about in others.
>
> In short you are the pot calling the kettle black.

Wow, how profound. I know EXACTLY how rude I am being. When confronted with
someone as stupid as you I will get rude. The thing is, I can be nice,
stupidity such as yours is permanent.

--

09-30-2007, 10:12 PM

unix

Re: md5 collision

Jan Pompe wrote:
>> I asked for EXAMPLES but you have not provided anything verifiable, you
>> are full of ****. Provide message ID of where I do what you claim.
>
> You can verify it by checking your posts in the threads I named.
>
> Don't be lazy.

I have. I referred within the context of a conversation, I referred to
something within that conversation. If you have a problem with THAT, you
are more of an idiot than I ever imagined. If you can not understand the
difference between referring to something that was said in a conversation
vs the statement "Go read the papers." When there was no previous mention
of "the papers" in the conversation, then you are a bigger idiot than I
thought.

--

09-30-2007, 10:12 PM

unix

Re: md5 collision

In comp.os.linux.security matt_left_coast <not@chance.org>:
> Michael Heiming wrote:

>> In comp.os.linux.security matt_left_coast <not@chance.org>:
>>> Unruh wrote:
>>
>>>> matt_left_coast <not@chance.org> writes:
>>>>
>>>>>Unruh wrote:
>>>>
>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>second case.
>>>>>>
>>>>>> But you have to create them together. You cannot create one and then
>>>>>> make another which has the same md5.
>>>>
>>>>>Exact process, please.
>>>>
>>>> Go read the papers.
>>
>>> Well, I'll take that as proof you are just bull ****ting, as I thought.
>>
>> Please calm down.
>>
>> This should give a little more insight:
>>
>> http://www.cits.rub.de/MD5Collisions/
>>
>> There is heavy math involved, so you can be sure Bill is almost
>> always right.
>>

> If you read it carefully, it also does not say it is IMPOSSIBLE to create a
> second file. Given enough time and computer power, it could well be done.

You have completely missed the point, in the above example the
second file does make sense. Dunno why you make such a trouble
out of the matter.

matt_left_coast wrote:
> Jan Pompe wrote:
>
>
>>It seems you are just too stupid to realize it amounts to the same type
>>of rudeness that you have committed and are complaining about in others.
>>
>>In short you are the pot calling the kettle black.
>
>
> Wow, how profound. I know EXACTLY how rude I am being. When confronted with
> someone as stupid as you I will get rude. The thing is, I can be nice,

I doubt it your ego is far too inflated for that.

09-30-2007, 10:12 PM

unix

Re: md5 collision

Michael Heiming wrote:
> In comp.os.linux.security matt_left_coast <not@chance.org>:
>> Michael Heiming wrote:
>
>>> In comp.os.linux.security matt_left_coast <not@chance.org>:
>>>> Unruh wrote:
>>>
>>>>> matt_left_coast <not@chance.org> writes:
>>>>>
>>>>>>Unruh wrote:
>>>>>
>>>>>>>>When dealing with the first case, you create the first of the two
>>>>>>>>files, then the file IS known. Then you would be dealing with the
>>>>>>>>second case.
>>>>>>>
>>>>>>> But you have to create them together. You cannot create one and then
>>>>>>> make another which has the same md5.
>>>>>
>>>>>>Exact process, please.
>>>>>
>>>>> Go read the papers.
>>>
>>>> Well, I'll take that as proof you are just bull ****ting, as I thought.
>>>
>>> Please calm down.
>>>
>>> This should give a little more insight:
>>>
>>> http://www.cits.rub.de/MD5Collisions/
>>>
>>> There is heavy math involved, so you can be sure Bill is almost
>>> always right.
>>>
>
>> If you read it carefully, it also does not say it is IMPOSSIBLE to create
>> a second file. Given enough time and computer power, it could well be
>> done.
>
> You have completely missed the point, in the above example the
> second file does make sense. Dunno why you make such a trouble
> out of the matter.
>
> [..]
>

Show me ONE documented example of this EVER ACTUALLY happening. The fact
that someone can write a fable does not mean it is an issue.

--

09-30-2007, 10:12 PM

unix

Re: md5 collision

Jan Pompe wrote:
> matt_left_coast wrote:
>> Jan Pompe wrote:
>>
>>
>>>It seems you are just too stupid to realize it amounts to the same type
>>>of rudeness that you have committed and are complaining about in others.
>>>
>>>In short you are the pot calling the kettle black.
>>
>>
>> Wow, how profound. I know EXACTLY how rude I am being. When confronted
>> with someone as stupid as you I will get rude. The thing is, I can be
>> nice,
>
> I doubt it your ego is far too inflated for that.

that the best you can do?

--

09-30-2007, 10:12 PM

unix

Re: md5 collision

Juha Laiho <Juha.Laiho@iki.fi> writes:
>Ralf Fassel <ralfixx@gmx.de> said:
>>* Unruh <unruh-spam@physics.ubc.ca>
>>| b)One cannot create collisions. One can generate two files which
>>| have the same md5 hash. One cannot create a second file with the
>>| same md5 hash as a given file.
>...
>>| One cannot create a second file with the same md5 hash as a given
>>| file.
>>
>>I just did? Or do you (obviously?) mean 'a second file with different
>>contents than the first one'?

>Yep. So, it has been found out that it is relatively easy (or at least
>much easier than it should have been) to create two distinct files with
>the same MD5 checksum. But only if you create the second file somehow
>based on the first one.

Not only that, but you have to change the first file in order to get the
second file to have the same hash. I.e., given file A it is hard to find a
file B that has the hash of A. But it is easy to alter A so that a B with
the same hash as the altered A can be found.

>If you just have the md5 hash, it is still relatively hard to generate
>data which would produce the same hash.

09-30-2007, 10:12 PM

unix

Re: md5 collision

matt_left_coast <not@chance.org> writes:
>Peter Pearson wrote:

>> matt_left_coast wrote:
>>
>>> Unruh wrote:
>>>
>>>>>When dealing with the first case, you create the first of the two files,
>>>>>then the file IS known. Then you would be dealing with the second case.
>>>>
>>>> But you have to create them together. You cannot create one and then
>>>> make another which has the same md5.
>>>
>>> Exact process, please.
>>
>> The logic here escapes me. Unruh appears to be claiming that
>> you cannot do something ("cannot create one and then make
>> another which has the same md5"), and matt_left_coast appears
>> to be asserting that Unruh should support that claim by
>> detailing how to do something. You cannot show that something
>> is impossible by showing how to do something. If
>> matt_left_coast wishes to claim that one can find a preimage
>> to a given hash, it's up to him to specify how.
>>
>> A recent paper on md5 attacks is "Improved Collision Attack on MD5"
>> by Yu Sasaki, Yusuke Naito, Noboru Kunihiro, and Kazuo Ohta,
>> available at http://eprint.iacr.org/2005/400.pdf. The procedure
>> is outlined in section 3.4. While the details are not essential
>> to this discussion, the alert reader will note that the attack
>> does *not* produce a preimage for a given hash, but rather produces
>> a pair of messages whose hashes match. Unruh is quite right.
>>

>Are the two files useful for ANYTHING? What are you going to do, put up one
>of the files for download and swap it for the other? Yeah, you can generate
>virtually random files that have the same MD5 value but what is the use? It
>is a meaningless exercise in mental masturbation. Other than to prove it
>can be done, what use is it? Can you come up with a truly useful "attack"
>that could be based on this?

No. The two files can contain some random parts, but that can be hidden in
many file formats. I.e., it is easy to create two different word files which
have some random junk in the file area which is not used by word to create
the text such that the two files have the same md5 hash.

>Quite frankly, people worried about the MD5 thing are nuts, the likelihood
>that 2 legitimate files exist in any place where it could be an issue is so
>ridiculously remote and other issues so much more important that it is
>probably not worth the effort devoted to this discussion.

No it is not. It is now easy for a crook to have you give you one document, and
then produce another with entirely different text but with exactly the same
MD5 hash which is what he claims he signed.
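
The distinction the thread keeps circling (a collision, where one party chooses both files, versus a second preimage, where the first file is already given) can be measured directly. The following is an added example, not code from any poster: it truncates MD5 to 18 bits (an assumption, so both searches finish in seconds) and uses generic birthday and brute-force search rather than the differential attack in the cited papers; all function names are illustrative.

```python
import hashlib
import itertools

# Assumption for this demo: keep only the top 18 bits of MD5 so both searches
# finish in seconds. Real MD5 is 128 bits; what carries over is the gap
# between the two costs, not the absolute numbers.
BITS = 18


def tiny_md5(data: bytes, bits: int = BITS) -> int:
    """Return the top `bits` bits of MD5(data) as an integer."""
    full = int.from_bytes(hashlib.md5(data).digest(), "big")
    return full >> (128 - bits)


def find_collision(bits: int = BITS, prefix: bytes = b"doc-"):
    """Collision: the searcher chooses BOTH messages.

    Generic birthday search, about 2**(bits/2) hashes expected.
    Returns (m1, m2, hashes_computed).
    """
    seen = {}
    for i in itertools.count():
        m = prefix + str(i).encode()
        h = tiny_md5(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m


def find_second_preimage(given: bytes, bits: int = BITS,
                         prefix: bytes = b"other-"):
    """Second preimage: the first message was fixed by someone else.

    Brute force, about 2**bits hashes expected.
    Returns (m2, hashes_computed).
    """
    want = tiny_md5(given, bits)
    for i in itertools.count():
        m = prefix + str(i).encode()
        if m != given and tiny_md5(m, bits) == want:
            return m, i + 1


if __name__ == "__main__":
    m1, m2, n_coll = find_collision()
    print(f"collision after {n_coll} hashes: {m1!r} / {m2!r}")

    given = b"the file somebody else already published"  # constructed sample
    m3, n_pre = find_second_preimage(given)
    print(f"second preimage after {n_pre} hashes: {m3!r}")
```

The second search is what would be needed to swap out a file someone else already published; the first is all that is needed by whoever authors the document that gets hashed or signed.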